Re: How to fix broken security in Windows 2000?

From: Karl Levinson, mvp (levinson_k_at_despammed.com)
Date: 01/18/05 

Date: Tue, 18 Jan 2005 08:24:59 -0500

It seems to me this is not exactly a Microsoft or Windows problem, because
if you deleted your root certificates on any OS, you would have problems
with those certificates. What are you doing deleting root certificates
anyways? If you don't know exactly how it works, don't delete it.
Microsoft cannot possibly write an article about every single file and
object telling you not to delete it.

Anyways, I would try restoring those certificates and possibly rebooting.
See the "Method 8" section of this KB article.

http://support.microsoft.com/default.aspx/kb/822798?

It is generally not a good idea to cross-post to multiple groups, because
then your answer gets answered repeatedly in multiple groups. 

-- 
regards,
Karl Levinson, MS MVP, CISSP
Microsoft Security FAQ:
   http://securityadmin.info
"Shannon Jacobs" <shanen@my-deja.com> wrote in message
news:uH$rAxP$EHA.2540@TK2MSFTNGP09.phx.gbl...
> In http://support.microsoft.com/default.aspx?scid=kb;en-us;293781 there is
> the very interesting comment:
>
> "As you may have noticed in the provided information, some of the
> certificates have expired. However, these certificates are necessary for
> backwards compatibility. Even if there is an expired trusted root
> certificate, anything that was signed with that certificate prior to the
> expiration date needs that trusted root certificate to be validated. As
long
> as expired certificates are not revoked, it can be used to validate
anything
> that was signed prior to its expiration."
>
> Oh! *NOW* you [Microsoft] tell me. Just too bad the information wasn't
> provided earlier.
>
> Been wrestling with this problem for several weeks, and though I'm not
> certain, I very strongly suspect that what happened is that I deleted a
> required security certificate in the foolish belief that the expiration
date
> had some meaning. Quite trivial to do from IE: Tools menu -> Internet
> Options command -> Content tab -> Certificates button -> Trusted Root
> Certificates tab. Not certain because it happened a while ago and the
> resulting problem is minor, though annoying. Some possibility it may have
> been caused by a WindowsUpdate, possibly even one that was pushed onto my
> machine by the corporate IT people.
>
> The problem itself is that the computer complains about a new file version
> that it can't check. It doesn't reveal what file, and it doesn't actually
> say anything about a missing security certificate, but I'm pretty sure
> that's what's going on. The SFC fails to run, which is apparently related.
>
> I'm pretty sure that all of the root certificates have been restored, but
> either there is a missing certificate somewhere else, or it is some kind
of
> chain reaction thing.
>
> Anyone else having similar problems? Any suggestions about how to fix it?
> Diagnostic steps to identify the missing certificate or even the affected
> file?
>
Quantcast